Re: Audit: Account Logon Vs. Logon Events
From: Chris (myprivacy@important.com)
Date: 05/09/02
- Next message: Aaron N. Cutshall: "Temporary user rights"
- Previous message: Chris: "Audit: Account Logon Vs. Logon Events"
- In reply to: Chris: "Audit: Account Logon Vs. Logon Events"
- Next in thread: Eric Fitzgerald [MS]: "Re: Audit: Account Logon Vs. Logon Events"
- Reply: Eric Fitzgerald [MS]: "Re: Audit: Account Logon Vs. Logon Events"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Chris" <myprivacy@important.com> Date: Thu, 9 May 2002 15:28:14 -0400
Answered my own question via the Resource Kit!
Audit logon events
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy
Description
Determines whether to audit each instance of a user logging on, logging off,
or making a network connection to this computer.
If you are auditing successful Audit account logon events <515.htm> on a
domain controller, then workstation logons do not generate logon audits.
Only interactive and network logons to the domain controller itself generate
logon events. In short, "account logon events" are generated where the
account lives. "Logon events" are generated where the logon occurs.
By default, this value is set to No auditing in the Default Domain
Controller Group Policy object (GPO) and in the local policies of
workstations and servers.
If you define this policy setting, you can specify whether to audit
successes, audit failures, or not to audit the event type at all. Success
audits generate an audit entry when logon occurs successfully. Failure
audits generate an audit entry when an attempted occurrence of the logon
fails. You can select No auditing by defining the policy setting and
unchecking Success and Failure.
Audit account logon events
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy
Description
Determines whether to audit each instance of a user logging on or logging
off of another computer where this computer was used to validate the
account.
For domain controllers, this policy is defined in the Default Domain
Controllers Group Policy object (GPO). The default setting is No auditing.
If you define this policy setting, you can specify whether to audit
successes, audit failures, or not to audit the event type at all. Success
audits generate an audit entry when account logon occurs successfully.
Failure audits generate an audit entry when an attempted occurrence of the
account logon fails. You can select No auditing by defining the policy
setting and unchecking Success and Failure.
As an example, if success auditing for account logon events is enabled on a
domain controller, then an entry is logged for each user validated against
that domain controller even though the user is actually logging on to a
workstation that is joined to the domain.
See also Audit logon events <518.htm>.
"Chris" <myprivacy@important.com> wrote in message
news:eggo0549BHA.2456@tkmsftngp05...
> Can someone please definitively explain the difference between auditing
> these two events?
>
> Auditing Account Logon Events
> and
> Auditing Logon Events.
>
> Thanks,
>
> Chris
>
>
- Next message: Aaron N. Cutshall: "Temporary user rights"
- Previous message: Chris: "Audit: Account Logon Vs. Logon Events"
- In reply to: Chris: "Audit: Account Logon Vs. Logon Events"
- Next in thread: Eric Fitzgerald [MS]: "Re: Audit: Account Logon Vs. Logon Events"
- Reply: Eric Fitzgerald [MS]: "Re: Audit: Account Logon Vs. Logon Events"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
